E-Voting: Will Your Vote Count?

By Debra D'Agostino |
Posted 08-11-2006

E-Voting: Will Your Vote Count?

Hardly a day goes by without electronic voting making headlines. In mid-July, voter-rights group Voter GA filed a lawsuit against the Georgia State Election Board opposing the use of electronic systems, calling them too insecure. In Texas, a state district judge refused to block the use of e-voting machines in Travis County's upcoming November elections. And New York made headlines this spring when the U.S. Justice Department sued the state for failing to meet federal e-voting adoption deadlines.

Six years after the 2000 presidential election fiasco in Florida, the debate continues to rage over just how to run a truly fair and accurate election. This despite the Help America Vote Act (HAVA) of 2002, a federal law that allocated $3.8 billion in hopes of solving the problem. The law mandates that each state upgrade to electronic voting systems and create statewide databases of registered voters. This, Congress promised, would ensure fairness to all voters, less ambiguity at the polls, accessible systems for people with disabilities and citizens for whom English is a second language, and quicker and more accurate vote tallying.

Laudable goals. But in Congress' rush to spare the U.S. further embarrassment from hanging chads and confusing butterfly ballots, lawmakers passed HAVAwhich included a deadline of January 2006without considering the security of such systems, and offered little guidance as to how a digital elections process should be effectively conducted. The result: computer malfunctions that miscount votes or erase them altogether, inefficient security measures that leave systems open to the possibility of widespread voter fraud, and statewide registered-voter databases that are still riddled with errors. Voter activist groups have filed lawsuits against nearly a dozen states, claiming the systems are too unsafe to use. Independent studies revealing serious flaws in e-voting softwaremost notably, a recent study released by New York University's Brennan Center for Justicehave led Congress to hold hearings to determine just how safe
e-voting machines really are.

But the greatest damage may have already been done: the widespread erosion of U.S. voters' confidence in their nation's electoral process. "I suspect there are many thousandsmaybe even millionsof Americans who don't believe the results of some recent election or other," says Congressman Rush Holt (D-N.J.), who has authored a bill that would standardize
e-voting practices nationwide. "We have to do everything we can to restore confidence in the mechanism of democracy."

In an age when Americans seem more politically polarized than at any time since the Civil War, to say the stakes are high when it comes to electronic voting is an understatement. After all, voting is, as Thomas Paine wrote, "the primary right by which all other rights are protected." So why haven't we managed to create a trustworthy e-voting system? The answer is one CIOs have heard time and again, but has historically eluded the U.S. federal government: New technology systems, particularly those entailing a great deal of process change, require thorough upfront discussions that include technology experts before those systems are implemented, to determine exactly where vulnerabilities lie and how they can be shored up.

There's no question that e-voting is flawed. All computer systems are. In fact, all voting systems are. But in the Digital Age, e-voting is a natural evolution in voting methods. And by adopting some common-sense checks and balancessuch as a voter-verifiable paper trail, random post-election audits, parallel testing of systems on election day, and strict adherence to carefully crafted chain-of-custody procedures, the U.S. has an unparalleled opportunity to create a truly fair and accurate voting system. That is, of course, as long as taxpayers are willing to pay for it.

Early and Often

: A History of E-Voting">

Voting scandals are nothing new. Lyndon Johnson (whose Voting Rights Act of 1965 was recently renewed by President Bush) was accused of ballot stuffing during his 1948 Senate bid, after a now-infamous "box 13" mysteriously appeared containing enough ballots to push the candidate ahead by a mere 87 votes. In the 1960 presidential election, Chicago's Mayor Richard Daley managed to have thousands of recently deceased voters cast their ballots for John F. Kennedy. Even "honest" Abe Lincoln, in his 1864 bid for reelection, is said to have furloughed registered Republican Union soldiers, while keeping Democrats on the battlefield, where they were unable to vote.

E-voting machines aren't new, either. Optical-scan systems have been in limited use for decadesnot just in voting, but in standardized testing (think college board exams) and state lotteries. In the 1996 presidential election, 7.7 percent of all U.S. votes were cast on Direct Recording Electronic (DRE) systems, better known as touchscreens, and they are fast becoming the most popular e-voting machine, thanks to HAVA. By 2004, more than 61 percent of all U.S. votes were cast using some kind of
electronic system.

The problem is, much of the $3.8 billion allocated for e-voting by the new law was distributed before the Election Assistance Commission (EAC)the group that enforces HAVAwas even appointed. That left the states with no guidelines about how funds should be spent, or what e-voting systems should look like. By the time the EAC was named, nearly a year after HAVA was passed, much of the states' funds had already been spent on e-voting machines, most of them manufactured by companies such as Diebold Inc., Election Systems & Software Inc. and Sequoia Voting Systems Inc. By the 2004 presidential election, 47 percent of all states had spent or obligated more than half the funds they received from HAVA. And the EAC's "Voluntary Voting System Guidelines" were not finalized until December 2005.

The results haven't been pretty. Early critics of electronic-voting systems, such as Avi Rubin, a professor of computer science and technical director of the Information Security Institute at Johns Hopkins University, tested Diebold's source code (which the vendor had inadvertently made available on its Web site) in 2003 for flaws that could lead to significant errors or security breachesand found plenty. "The problem," says Rubin, "is that technology makes it easier to manipulate elections in an invisible way. Because the systems are less transparent, the attacks can scale." In other words, an e-voting programmer could covertly insert a script designed to change votes without ever being detected. Or a hacker could break into the systems and change results on the fly.

The notion that e-voting manufacturers might secretly rig their own systems is laughable to Michelle Shafer, vice president of communications at Oakland, Calif.-based Sequoia Voting Systems and vice chair of the Election Technology Council, a vendor trade association sponsored by the Information Technology Association of America. "These systems have undergone intense federal reviews by independent testing authorities, including a line-by-line review of system source code. And software is stored in the National Software Reference Library (maintained by the National Institute of Standards and Technology), so our customers can compare the certified code they have in escrow against the code on file with NIST. The idea that this code is secret isn't the case at all." Diebold said the flaws Rubin uncovered were minor and would be corrected immediately.

Michael Shamos, who oversees the master of science in eBusiness Technology program at Carnegie Mellon University, has spent 25 years testing electronic voting technology. He says the likelihood of hacking or otherwise tampering with an e-voting machine is far lower than any other type of voter fraud. "There is no way someone can manipulate a million e-voting machines," he says. "The amount of effort and people required to do so is unimaginable." In fact, despite numerous admitted foul-ups, a verified case of voter fraud or deliberate tampering has yet to be reported.

Election Results

: Problems Persist ">

Still, more than 1,000 e-voting problems were reported to nonprofit activist group VoterProtect.org during the 2004 presidential election. In Orleans Parish, La., poll workers couldn't get machines to boot up, causing the polls to open hours late. Twenty-one ES&S machines in Broward County, Fla., crashed during the same elections. Though officials claimed no votes were lost, the lack of a voter-verifiable paper trail meant there was no way to be sure. According to the EAC, as many as 1 million votes were not counted as a result of computer error.

This is why most e-voting criticsmany of whom are technologistssay some sort of voter-verifiable paper trail (in which electronic systems print out a ballot "receipt" voters can review to ensure their vote was recorded correctly) is key to the debate. But many of the e-voting machines purchased with money from HAVA did not have such a mechanism. "Without it, I don't see how anyone can believe these systems are trustworthy," says David Dill, a computer science professor at Stanford University and founder of VerifiedVoting.org, a nonprofit voter advocacy group.

Dill's point is valid, but it's only part
of the solution. Further investigation of
e-voting software by Finnish security expert Harri Hursti, as well as by attorney Lawrence Norden, who chaired the task force on voting-system security at the Brennan Center for Justice, showed that deeper problems persisteven with systems that print paper receipts. "No question, there are bugs in these programs that have led to votes being counted incorrectly," Norden says. "And anything that can happen by accident can also happen on purpose." After an 18‑month study to determine what it would take to pull off widespread voter fraud, he says, "we found that it is possible." The Brennan Report recommends that states undertake a series of steps to prevent errors and thwart fraud, including a voter-verifiable paper trail, random audits of voter results, a detailed chain-of-custody, parallel testing (testing an active e-voting machine on election day) and banning all wireless capabilities on the machines.

But states disagree on which steps are really necessary. In Travis County, Texas, for example, Clerk Dana DeBeauvoir says the best offense is a better defense. "We conduct a step-by-step risk assessment from the time jurisdictions get their equipment through the very end," she says. The assessment "lists everything that might go wrong and helps you figure out how to prevent or deal with it." That includes a line-by-line edit of e-voting source code, parallel testing on election day, and chain-of-custody policies that require a signature every time data or hardware changes hands.

Yet Texas doesn't require any post-­election audits or a voter-verifiable paper trailan issue that pitted DeBeauvoir and Texas Secretary of State Roger Williams against the Texas Civil Rights Project and the NAACP in a July lawsuit (the case was dismissed). DeBeauvoir says her county flawlessly executed its March primaries, while nearly 80 other precincts across Texas suffered widespread e-voting malfunctions. "Some had to rely on the vendors to help them," she admits. "It was a pretty big problem."

In Minnesota, State Secretary Mary Kiffmeyer claims that voting recount errors have dropped from 30 percent to nearly zero since the adoption of her detailed chain-of-custody procedures, which include both paper trails and independent audits. The process is one she's been developing since taking the state secretary post in 1998, guided by her prior 11-year experience as an election judge. Kiffmeyer created strict guidelines about how the machines should be stored between electionssome states allow volunteers to take systems home with them before an electionand operated on election day. The state runs a detailed training program for county election administrators, who are graded on their performance. Though Minnesota does not perform parallel testing on election day, voting precincts' results are randomly audited to make sure there were no glitches. And the findings are all posted to the state's Web site. "In the end, you have to be realistic about technology and the circumstances you're using it in," she says.

If Congressman Holt has his way, it won't be long before all states adopt a nationwide system of checks and balances. His bill, which has nearly 200 co-sponsors and is awaiting approval in the House of Representatives, mandates all the Brennan Report's recommendations. "We are a couple of years late," he admits, "But the problem has been recognized. We need a national standard on this."

EAC Chairman Paul DeGregorio, on the other hand, doesn't believe a federal law is a good idea. "One size does not fit all," he says. "Some jurisdictions have large numbers of people and budgets, others do not. And states have different ballot and procedural needs." Ross Goldstein, deputy state administrator for the Maryland Board of Elections, which conducts parallel testing but does not require paper trails or auditing, is also wary of such a bill. "In some ways, I see the benefit to standardizing processes," he says. "But I hope whatever is being contemplated takes the election community into consideration. All of this takes time and
significant investment."

Fixing the Hole in

E-Voting">

Cost is perhaps the biggest reason why
e-voting systems should be left alone, says Carnegie Mellon's Shamos. Since much of the HAVA funds have already been spent, there is little money left to make the systems more secure. And, he says, "the public doesn't want to pay for voting machines. If you ask people if they want a secure election, they say of course. But ask them to give up some of the highway or school budget to pay for it. It's not going to happen."

Norden disagrees. "There's nothing more fundamental to our democracy than making sure that votes are counted accurately. Choosing between schools and e-voting systems isn't a choice people should have to make," he says. At least 39 states agree with Norden, and they are beginning to scrutinize their e-voting processes, including how to instate audits and create a more thorough chain of custody. The EAC is putting together a series of guides to help election officials better manage their election processes.

There's still work to be done, EAC Chairman DeGregorio admits, but in the end, what's important is to instill trust among voters. "The election process is more transparent today than ever before. Officials are opening up the process to instill greater trust and confidence."

Rubin of Johns Hopkins agrees that open processes are the key. "We want election technology that's so transparent you can have the most corrupt people in charge and still have fair elections," he says.